CN115455398B - SoC-based Internet of things terminal configuration updating method - Google Patents

SoC-based Internet of things terminal configuration updating method Download PDF

Info

Publication number
CN115455398B
CN115455398B CN202211415792.XA CN202211415792A CN115455398B CN 115455398 B CN115455398 B CN 115455398B CN 202211415792 A CN202211415792 A CN 202211415792A CN 115455398 B CN115455398 B CN 115455398B
Authority
CN
China
Prior art keywords
area
processor
authority
data
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211415792.XA
Other languages
Chinese (zh)
Other versions
CN115455398A (en
Inventor
王嘉诚
张少仲
张栩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongcheng Hualong Computer Technology Co Ltd
Original Assignee
Zhongcheng Hualong Computer Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongcheng Hualong Computer Technology Co Ltd filed Critical Zhongcheng Hualong Computer Technology Co Ltd
Priority to CN202211415792.XA priority Critical patent/CN115455398B/en
Publication of CN115455398A publication Critical patent/CN115455398A/en
Application granted granted Critical
Publication of CN115455398B publication Critical patent/CN115455398B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an updating method for terminal configuration of an Internet of things based on SoC, which relates to the technical field of computers and comprises the steps that after a universal area is applied to obtain a credible permission of a user server, the universal area generates a request permission verification matrix according to various permission data sent by the server and a random sequence sent by a safety area to request a corresponding privilege resource block after verification is carried out on the safety area, the safety area allows the universal area to access and update the permission of special resources of a specific block after verification is carried out in the same mode, a timer is started at the same time, and after the timer is finished, the permission of the universal area is terminated. The method of the invention can prevent the universal area program from excessively correcting and updating the privilege data without accessing unnecessary privilege data.

Description

SoC-based Internet of things terminal configuration updating method
Technical Field
The invention belongs to the technical field of computers, and particularly relates to an Internet of things terminal configuration updating method based on SoC.
Background
With the rapid development and popularization of 5G and Internet of things technologies, application scenes of Internet of things equipment are more and more extensive, in some application scenes, equipment and information safety of an Internet of things terminal are very important, a system on chip of the Internet of things terminal is set to be in a safe state when the system on chip leaves a factory, and at the moment, a general processor (belonging to an SoC non-privileged module) does not allow access to privileged resources inside a chip.
However, in practical applications, for a system on chip in a secure state, when some programs are running, the general-purpose processor needs to access some privileged resources in the chip, and some configuration updates may be performed on the privileged resources, so that the programs can run normally. In such situations, it is necessary to ensure that the programs do not access unnecessary and unnecessary privilege data when running, and to prevent the programs from making excessive corrective updates to the privilege data.
Disclosure of Invention
In view of the above-mentioned drawbacks in the prior art, the present invention provides an SoC-based method for updating a configuration of an internet of things terminal, which is applied to a system on chip SoC, where the SoC includes a general area and a security area, where the general area includes a general processor, a general memory area, and a general communication interface, and the security area includes a security processor, a security memory area, and a security communication interface, and the method includes:
detecting that the application program requests to access and update privileged resources of a secure area storage area when the general purpose processor executes the application program;
the general processor calls a general communication interface to initiate a calling request to a user server, wherein the calling request comprises resource content which is requested to be accessed and updated and information of the application program;
the user server receives the calling request, and the user server sends a calling request permission instruction to the universal area communication interface after determining that the calling request is permitted, or else sends a calling request rejection instruction;
the universal area sends a preparation state feedback to a user server after receiving the permission calling request instruction;
after receiving the preparation state feedback, the user server sequentially sends multiple items of authority data with random sequences to a universal area communication interface, wherein the multiple items of authority data comprise: during the authorization permission period, the block ID corresponding to the privileged resource requested to be accessed and updated, and the hash value of the block corresponding to each privileged resource requested to be accessed and updated;
the universal area stores the plurality of items of authority data in sequence according to the received authority data sequence;
after the user server confirms that all the multiple items of authority data are sent, the user server sends an authority verification command to a communication interface of a safe area, wherein the authority verification command comprises the multiple items of authority data and indicates a sending sequence when the user server sends the multiple items of authority data to the universal area;
after the safety area receives and stores the plurality of items of authority data, the safety area processor generates a random sequence, the random sequence indicates that the plurality of items of authority data received by the general area are rearranged, and the safety area processor sends the random sequence to the general processor;
the general processor rearranges the received multiple items of authority data according to the random sequence, generates a request authority verification matrix and sends the request authority verification matrix to a safety processor;
the security processor rearranges the multiple items of authority data in the same mode, calculates an authority verification matrix, compares the authority verification matrix with a request authority verification matrix sent by the general processor, allows the general processor to access and update the block of the privileged resource requested to be accessed and updated when the authority verification matrix is the same as the request authority verification matrix, and simultaneously opens a timer during the authorization permission period;
and when the general processor judges that the updating of the privileged resource is completed, the general processor returns an updating completion signaling to the user server.
The SoC comprises a general area and a safety area, wherein the general area comprises a general processor, a general memory area and a general communication interface, the general processor is used for executing data processing functions in the general area, the general memory area is used for storing non-privileged data, and the general communication interface is used for carrying out external communication in the general area; the security zone comprises a security processor, a security storage zone and a security communication interface, wherein the security processor is used for executing data processing functions in the security zone, the security storage zone is used for storing privilege data, and the security communication interface is used for carrying out external communication in the security zone; the general purpose processor is in secure data communication with the secure processor through a secure channel interface.
The server determines whether to permit the calling request according to the information of the application program, the resource content requested to be accessed and updated and the set modification permission for the resource content requested to be accessed and updated;
the user server stores an application program information base, the application program information base comprises a known credible information state of the application program, and the credible information state is according to a credit state of an application program supplier and historical abnormal record information of the application program.
Wherein, the sending of multiple items of authority data in a random order to the universal area communication interface in sequence comprises:
after the user server sends one item of authority information data and receives an ACK signal returned by the universal area, the next item of authority information data is sent to ensure that the receiving sequence and the sending sequence of the universal area are consistent; and the universal area stores the multiple items of authority data in sequence according to the sequence of the received authority data.
The general processor rearranges the received multiple items of authority data according to the random sequence and then generates a request authority verification matrix as follows:
suppose that the authority data sent by the user server to the universal area is
Figure 732513DEST_PATH_IMAGE001
Items, arranged as one
Figure 416303DEST_PATH_IMAGE001
Vitamin C
Figure 428121DEST_PATH_IMAGE002
Vector of the
Figure 986141DEST_PATH_IMAGE002
The vector is one
Figure 374397DEST_PATH_IMAGE003
Dimension vector, the general processor rearranges according to the random sequence sent by the safety processor to obtain rearranged vector
Figure 599842DEST_PATH_IMAGE004
Vector of
Figure 782562DEST_PATH_IMAGE004
The vector is one
Figure 624616DEST_PATH_IMAGE003
A dimension vector; the request permission validation matrix
Figure 52449DEST_PATH_IMAGE005
Said request right verification matrix
Figure 132400DEST_PATH_IMAGE006
Is one
Figure 751600DEST_PATH_IMAGE007
A matrix of dimensions.
The security processor rearranges the plurality of items of authority data in the same way and calculates an authority verification matrix as follows:
suppose that the authority data sent by the user server to the general area is
Figure 549792DEST_PATH_IMAGE001
The security processor recovers an authority verification command and the plurality of items of authority data contained in the authority verification command according to the sending sequence when the user server sends the plurality of items of authority data to the universal area to form a unit
Figure 217534DEST_PATH_IMAGE001
Vitamin (vitamin)
Figure 417571DEST_PATH_IMAGE008
Vector quantity;
the safety processor rearranges according to the random sequence to obtain rearranged
Figure 207672DEST_PATH_IMAGE009
Vector of the
Figure 493160DEST_PATH_IMAGE009
The vector is one
Figure 26910DEST_PATH_IMAGE003
A dimension vector;
the permission validation matrix
Figure 284716DEST_PATH_IMAGE010
Said right verification matrix
Figure 478674DEST_PATH_IMAGE011
Is one
Figure 251458DEST_PATH_IMAGE007
A matrix of dimensions;
the security processor verifies the permission matrix
Figure 588899DEST_PATH_IMAGE011
Request authority verification matrix sent by general processor
Figure 497949DEST_PATH_IMAGE006
Comparing and judging
Figure 833115DEST_PATH_IMAGE012
The general purpose processor is allowed to access and update the block of privileged resources that it is requesting access and updates.
After receiving the update completion signaling, the user server notifies the security zone to terminate the security session and clears all authority data information of the session;
the authority data information comprises the received authority data and the generated authority verification matrix.
After receiving the update completion signaling, the user server further notifies the security zone to terminate the security session, and then:
and the user server informs the security zone of uploading the content of the privilege resource block updated this time and covers the content of the privilege resource block stored in the user server.
Wherein, when the timer is returned to 0 during the authorization permission period, the security processor actively terminates the security session and sends an abnormal configuration update indication to the user server.
And after receiving the configuration updating abnormal indication, the user server initiates a recovery indication to the security area, wherein the recovery indication comprises the backup content of the block corresponding to the privileged resource requested to be accessed and updated in the session, and the backup content is the content of the block corresponding to the security area before the update is initiated.
Compared with the prior art, after the universal area application obtains the credible permission, the request permission validation matrix is generated to request the corresponding privilege resource block after the validation of the security area according to each item of permission data sent by the user server and the random sequence sent by the security area. The method of the invention can prevent the universal area program from excessively correcting and updating the privilege data without accessing unnecessary privilege data.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present disclosure will become readily apparent from the following detailed description, which proceeds with reference to the accompanying drawings. Several embodiments of the present disclosure are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar or corresponding parts and in which:
fig. 1 is a flowchart illustrating a SoC-based method for updating configuration of an internet of things terminal according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the examples of the present invention and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise, and "a plurality" typically includes at least two.
It should be understood that while the terms first, second, third, etc. may be used in embodiments of the present invention to describe … …, these … … should not be limited to these terms. These terms are used only to distinguish … …. For example, a first … … may also be referred to as a second … …, and similarly, a second … … may also be referred to as a first … …, without departing from the scope of embodiments of the present invention.
It should be understood that the term "and/or" as used herein is merely one type of association that describes an associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
The words "if", as used herein, may be interpreted as "at … …" or "at … …" or "in response to a determination" or "in response to a detection", depending on the context. Similarly, the phrase "if determined" or "if detected (a stated condition or event)" may be interpreted as "upon determining" or "in response to determining" or "upon detecting (a stated condition or event)" or "in response to detecting (a stated condition or event)", depending on the context.
It is also noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that an article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such article or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another like element in a commodity or device comprising the element.
Alternative embodiments of the present invention are described in detail below with reference to the accompanying drawings.
The first embodiment,
As shown in fig. 1, the present invention discloses an update method for SoC-based terminal configuration of internet of things, which is applied to SoC of a system on chip, where the SoC includes a general area and a security area, where the general area includes a general processor, a general storage area, and a general communication interface, and the security area includes a security processor, a security storage area, and a security communication interface, and the method includes:
detecting that the application program requests to access and update privileged resources of a secure area storage area when the general purpose processor executes the application program;
the general processor calls a general communication interface to initiate a calling request to a user server, wherein the calling request comprises resource content which is requested to be accessed and updated and information of the application program;
the user server receives the call request, and the user server sends a call request permission instruction to the universal area communication interface after determining that the call request is permitted, otherwise, sends a call request rejection instruction;
the universal area sends a preparation state feedback to a user server after receiving the permission calling request instruction;
after receiving the preparation state feedback, the user server sequentially sends multiple items of authority data with random sequences to a universal area communication interface, wherein the multiple items of authority data comprise: during the authorization permission period, the block ID corresponding to the privileged resource requested to be accessed and updated, and the hash value of the block corresponding to each privileged resource requested to be accessed and updated;
the universal area stores the plurality of items of authority data in sequence according to the received authority data sequence;
after the user server confirms that all the plurality of items of authority data are sent, the user server sends an authority verification command to a communication interface of a safety area, wherein the authority verification command comprises the plurality of items of authority data and indicates a sending sequence when the user server sends the plurality of items of authority data to the general area;
after the safety area receives and stores the plurality of items of authority data, the safety area processor generates a random sequence, the random sequence indicates that the plurality of items of authority data received by the general area are rearranged, and the safety area processor sends the random sequence to the general processor;
the general processor rearranges the received multiple items of authority data according to the random sequence, generates a request authority verification matrix and sends the request authority verification matrix to a safety processor;
the security processor rearranges a plurality of items of authority data in the same way, calculates an authority verification matrix, compares the authority verification matrix with a request authority verification matrix sent by the general processor, allows the general processor to access and update a block of privileged resources requested to be accessed and updated when the authority verification matrix is the same as the request authority verification matrix, and simultaneously opens a timer during authorization permission;
and when the general processor judges that the updating of the privileged resource is completed, the general processor returns an updating completion signaling to the user server.
The user server and the security zone are in a secure and trusted state, the user server and the security zones of the multiple internet of things terminals served by the user server can be in the same secure and trusted level, and to some extent, the user server and the single security zone form a mechanism with only two member zone block chains, and the user server and each security zone form one such chain. In the application, the user server stores the privileged resource information of all the security zones, when the privileged resources of the security zones are updated, the server also updates the privileged resources of the security zones as a backup of the resources of the security zones, and the server also stores the special resources respectively according to the blocks, so that when the general zone requests the user server for specific privileged resources, the user server can calculate the hash values of the contents corresponding to the blocks and send the IDs of the blocks, the hash values corresponding to the blocks and the authorization permission periods as the authorization data to the general zone.
In an optional embodiment, the SoC includes a general-purpose area and a secure area, wherein the general-purpose area includes a general-purpose processor, a general-purpose memory area, and a general-purpose communication interface, the general-purpose processor is configured to perform a data processing function in the general-purpose area, the general-purpose memory area is configured to store non-privileged data, and the general-purpose communication interface is configured to perform external communication in the general-purpose area; the security zone comprises a security processor, a security storage zone and a security communication interface, wherein the security processor is used for executing data processing functions in the security zone, the security storage zone is used for storing privilege data, and the security communication interface is used for carrying out external communication in the security zone; the general purpose processor is in secure data communication with the secure processor through a secure channel interface.
In a certain optional embodiment, the user server determines whether to grant the invocation request according to the information of the application program, the resource content requested to be accessed and updated, and the set modification permission for the resource content requested to be accessed and updated;
in an optional embodiment, the user server stores an application information base, the application information base includes a known trusted information state of the application, and the trusted information state is based on a trusted state of an application provider and historical exception record information of the application.
The historical abnormal record information of the application program may be updated abnormal reported by other devices, or modification exceeding the authority.
In an optional embodiment, the sequentially sending, to the universal area communication interface, the plurality of items of right data in a random order includes:
after the user server sends one item of authority information data and receives an ACK signal returned by the universal area, the next item of authority information data is sent to ensure that the receiving sequence and the sending sequence of the universal area are consistent; and the universal area stores the multiple items of authority data in sequence according to the sequence of the received authority data.
In an optional embodiment, the general processor rearranges the received multiple items of permission data according to the random sequence and generates a request permission validation matrix as follows:
suppose that the authority data sent by the user server to the general area is
Figure 827616DEST_PATH_IMAGE001
Items, arranged as one
Figure 968747DEST_PATH_IMAGE001
Vitamin C
Figure 997883DEST_PATH_IMAGE002
Vector of the
Figure 35109DEST_PATH_IMAGE002
The vector is one
Figure 283950DEST_PATH_IMAGE003
Dimension vector, the general processor rearranges according to the random sequence sent by the safety processor to obtain rearranged vector
Figure 900877DEST_PATH_IMAGE004
Vector of the
Figure 784519DEST_PATH_IMAGE004
The vector is one
Figure 258226DEST_PATH_IMAGE003
A dimension vector; the request permission validation matrix
Figure 227319DEST_PATH_IMAGE005
Said request right verification matrix
Figure 647936DEST_PATH_IMAGE006
Is one
Figure 386084DEST_PATH_IMAGE007
A matrix of dimensions.
In an optional embodiment, the security processor rearranges the plurality of items of rights data in the same manner and calculates the rights validation matrix as follows:
suppose that the authority data sent by the user server to the general area is
Figure 30692DEST_PATH_IMAGE001
The security processor recovers an authority verification command and the plurality of items of authority data contained in the authority verification command according to the sending sequence when the user server sends the plurality of items of authority data to the universal area to form a unit
Figure 752661DEST_PATH_IMAGE001
Vitamin C
Figure 508127DEST_PATH_IMAGE008
Vector quantity;
the safety processor rearranges according to the random sequence to obtain rearranged
Figure 569624DEST_PATH_IMAGE009
Vector of the
Figure 889528DEST_PATH_IMAGE009
The vector is one
Figure 567634DEST_PATH_IMAGE003
A dimension vector;
the permission validation matrix
Figure 392370DEST_PATH_IMAGE010
Said right verification matrix
Figure 105112DEST_PATH_IMAGE011
Is one
Figure 294784DEST_PATH_IMAGE007
A matrix of dimensions;
the security processor verifies the permission matrix
Figure 725766DEST_PATH_IMAGE011
Request authority verification matrix sent by general processor
Figure 823035DEST_PATH_IMAGE006
Comparing and judging
Figure 655862DEST_PATH_IMAGE012
The general purpose processor is allowed to access and update the block of privileged resources that it is requesting access and updates.
In one embodiment, if 2 blocks corresponding to the requested special resource in the universal zone are respectively block a and block B, the ID corresponding to block a and block B is ID _ A, ID _ B, the Hash value corresponding to block A, B is Hash _ A, hash _ B, the grant permission period allocated to the universal zone by the user server is duration ab, it can be seen that the number of rights data items sent to the universal zone by the user server is 5, and in actual use, the number of blocks corresponding to the requested special resource may be any number greater than 1.
The user server randomly sends the 5 items of authority data to the general area, and sends the next item after the general area receives each item of return ACK. For example, according to [ ID _ A, ID _ B, durationAB, hash _ A, hash _ B]Sending to the general area, the general area stores the sequence in the order, and recording as
Figure 813173DEST_PATH_IMAGE002
=[ID_A,ID_B,DurationAB,Hash_A,Hash_B]。
Meanwhile, the user server also sends the values of the parameters to the security zone, and the sending can also be in an indication mode, or directly sends the result to the security zone, for example, the user server can directly inform privileged resource content requested by the security zone, the security zone determines the block by itself and calculates a hash value, or sends the block ID to the security zone, and the security zone calculates the hash value according to the block ID, or directly sends the block ID and the hash value to the security zone, which is specifically adopted, can be determined according to the calculation capability of a security zone processor of the internet of things terminal. Meanwhile, the user server needs to send an authorization permission period to the security area, wherein the authorization permission period refers to and estimates the time of the whole process of the terminal of the internet of things needing to access and update privileged resources according to the processing capacity, the processing data size and the stored historical information of the terminal of the internet of things;
if the user server sends all the parameters already calculated to the security area, the sequence of sending these parameters to the general area by the user equipment is indicated in these parameters, e.g. [1,id _a ], [4,hash _a ], [2,id _b ], [5,hash _b ], [3,durationab ] to the security area, the sequence number can be included in the header of the data packet, for example, the total number of data packets can be included in the header, and the number 5 can be indicated in the header, for example, [1,5,id _a ].
After the safe area receives the data packets, the contents of the data packets are extracted and restored to the contents of the data packets according to the receiving sequence of the general area
Figure 967336DEST_PATH_IMAGE008
Figure 71559DEST_PATH_IMAGE008
=[ID_A,ID_B,DurationAB,Hash_A,Hash_B]。
The guard region generates a random sequence for rearranging the data stored in the general region, for example, the random sequence is {4,5,3,1,2}, and the guard region processor transmits the random sequence to the general region.
The universal region processor receives the random sequence sent by the safety processor through the safety channel, rearranges the stored authority data sequence according to the random sequence, and the rearrangement result is
Figure 758892DEST_PATH_IMAGE013
=[Hash_A,Hash_B,DurationAB, ID_A,ID_B]. Similarly, the safe zone processor is also stored in a sequence pair generated by itself
Figure 87105DEST_PATH_IMAGE008
The sequences are rearranged to generate
Figure 492679DEST_PATH_IMAGE014
Figure 931750DEST_PATH_IMAGE014
And
Figure 676852DEST_PATH_IMAGE013
should be the same sequence.
Finally, a matrix of rights validation is requested
Figure 175967DEST_PATH_IMAGE005
And permission validation matrix
Figure 803257DEST_PATH_IMAGE010
In the present embodiment, the first and second electrodes are, in this embodiment,
Figure 311599DEST_PATH_IMAGE015
all should be one
Figure 472060DEST_PATH_IMAGE016
A matrix of dimensions. Other algorithms can be used for generating the request permission verification matrix, for example, the security area can also determine a random number which can be an integer or a floating point number and also send the random number to the general area, and the random number pair is used
Figure 345338DEST_PATH_IMAGE017
Multiplication or order
Figure 194345DEST_PATH_IMAGE018
Can also generate one
Figure 240798DEST_PATH_IMAGE016
The purpose of using the verification matrix instead of the sequence is to enable a third party to obtain data sent by the user server and not to obtain privileged resource data of the security zone in a manner of randomly generating the security zone and sending the data in the security channel, so that the universal zone is prevented from being subjected to permission by the third party to obtain privileged resource data of the security zone, and compared with the sequence, the use of the matrix data also makes the verification result lower in possibility of being decoded, so that the updating process is safer.
And the universal area sends the request permission verification matrix to the safety area, and whether the request permission verification matrix and the safety area are completely equal is verified in the safety area.
The security verification is carried out in this way, so that the reliability of the program operated in the universal area needs to be verified, the communication reliability of the user server and the universal area also needs to be verified, the communication reliability of the safety area and the universal area is ensured, the absolute reliability of the communication in each link is ensured, the possibility of false identity tampering by a third party in any link in the process is prevented, unnecessary access and change of privileged resources by the program in the universal area can be prevented, only necessary access and update are allowed, and the security of private data is ensured.
In an optional embodiment, after receiving the update completion signaling, the user server notifies the security area to terminate the security session, and clears all permission data information of the session;
the authority data information comprises the received authority data and the generated authority verification matrix.
In an optional embodiment, after the user server receives the update completion signaling, notifying the security zone to terminate the security session further includes:
and the user server informs the security zone of uploading the content of the updated privileged resource block and covers the content of the privileged resource block stored in the user server.
In an alternative embodiment, when the timer is set to 0 during the grant permission period, the security processor actively terminates the security session and sends a configuration update exception indication to the server.
In an optional embodiment, after receiving the configuration update exception instruction, the user server initiates a recovery instruction to the security area, where the recovery instruction includes a backup content of a block corresponding to the privileged resource requested to be accessed and updated in the session, and the backup content is a content of a block corresponding to the security area before the update is initiated.
In one embodiment, the same privileged resource information is stored in both the user server and the security zone, the user server records the modification content and the modification source of the privileged resource information updated each time, the user server periodically scans security vulnerabilities, locates the corresponding modification source when finding an unsafe or suspicious vulnerability, and quickly determines the suspicious modified source program and the internet of things terminal. The user server initiates a recovery request to the security area of the internet of things terminal to withdraw all the updated contents of the modification to the previous version, and the application program information base in the user server marks the application program of the source of the suspicious modification, such as a black list or an alarm mark, and the like, and then the user server can perform operations of authority limitation and the like when requesting to configure and update the internet of things device or other internet of things devices served by the user server.
Compared with the prior art, after the universal area application obtains the credible permission, the request permission verification matrix is generated according to each permission data sent by the user server and the random sequence sent by the safety area, and the privilege resource block corresponding to the request after the request permission verification matrix is verified by the safety area is requested. The method of the invention can prevent the universal area program from excessively correcting and updating the privilege data without accessing unnecessary privilege data.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. Where the name of an element does not in some cases constitute a limitation on the element itself.
The foregoing describes preferred embodiments of the present invention, and is intended to provide a clear and concise description of the spirit and scope of the invention, and not to limit the same, but to include all modifications, substitutions, and alterations falling within the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A terminal configuration updating method of an Internet of things based on a system on chip (SoC) is applied to the SoC, the SoC comprises a general area and a safety area, wherein the general area comprises a general processor, a general storage area and a general communication interface, and the safety area comprises a safety processor, a safety storage area and a safety communication interface, and the method comprises the following steps:
when a general processor executes an application program, detecting that the application program requests to access and update privileged resources of a safe area storage area;
the general processor calls a general communication interface to initiate a calling request to a user server, wherein the calling request comprises resource content which is requested to be accessed and updated and information of the application program;
the user server receives the calling request, and the user server sends a calling request permission instruction to the universal area communication interface after determining that the calling request is permitted, or else sends a calling request rejection instruction;
the universal area sends a preparation state feedback to a user server after receiving the permission calling request instruction;
after receiving the preparation state feedback, the user server sequentially sends multiple items of authority data with random sequences to a universal area communication interface, wherein the multiple items of authority data comprise: during the authorization permission period, the block ID corresponding to the privileged resource requested to be accessed and updated and the hash value of each block corresponding to the privileged resource requested to be accessed and updated;
the universal area stores the multiple items of authority data in sequence according to the sequence of the received authority data;
after the user server confirms that all the plurality of items of authority data are sent, the user server sends an authority verification command to a communication interface of a safety area, wherein the authority verification command comprises the plurality of items of authority data and indicates a sending sequence when the user server sends the plurality of items of authority data to the general area;
after the safety area receives and stores the plurality of items of authority data, the safety area processor generates a random sequence, the random sequence indicates that the plurality of items of authority data received by the general area are rearranged, and the safety area processor sends the random sequence to the general processor;
the general processor rearranges the received multiple items of authority data according to the random sequence, generates a request authority verification matrix and sends the request authority verification matrix to a safety processor;
the security processor rearranges the multiple items of authority data in the same mode, calculates an authority verification matrix, compares the authority verification matrix with a request authority verification matrix sent by the general processor, allows the general processor to access and update the block of the privileged resource requested to be accessed and updated when the authority verification matrix is the same as the request authority verification matrix, and simultaneously opens a timer during the authorization permission period;
and when judging that the update of the privileged resource is completed, the general processor returns an update completion signaling to the user server.
2. The method of claim 1, wherein the SoC comprises a general purpose region and a secure region, wherein the general purpose region comprises a general purpose processor, a general purpose memory region, and a general purpose communication interface, the general purpose processor is configured to perform data processing functions in the general purpose region, the general purpose memory region is configured to store non-privileged data, and the general purpose communication interface is configured to perform external communication in the general purpose region; the security zone comprises a security processor, a security storage zone and a security communication interface, wherein the security processor is used for executing data processing functions in the security zone, the security storage zone is used for storing privilege data, and the security communication interface is used for carrying out external communication in the security zone; the general purpose processor is in secure data communication with the secure processor through a secure channel interface.
3. The method according to claim 1, wherein the server determines whether to grant the invocation request based on the information of the application program, the resource content requested to be accessed and updated, and the set modification permission for the resource content requested to be accessed and updated;
the user server stores an application program information base, the application program information base comprises a known credible information state of the application program, and the credible information state is according to a credit state of an application program supplier and historical abnormal record information of the application program.
4. The method of claim 1, wherein said sequentially transmitting a plurality of items of rights data in a random order to the universal zone communication interface comprises:
after the user server sends one item of authority information data and receives an ACK signal returned by the universal area, the next item of authority information data is sent to ensure that the receiving sequence and the sending sequence of the universal area are consistent; and the universal area stores the plurality of items of authority data in sequence according to the received authority data sequence.
5. The method of claim 1, wherein the general purpose processor rearranges the received plurality of rights data according to the random sequence and generates a request rights validation matrix as follows:
suppose that the authority data sent by the user server to the general area is
Figure DEST_PATH_IMAGE001
Items, arranged as one
Figure 667803DEST_PATH_IMAGE001
Vitamin (vitamin)
Figure 303183DEST_PATH_IMAGE002
Vector of the
Figure 990517DEST_PATH_IMAGE002
The vector is one
Figure DEST_PATH_IMAGE003
Dimension vector, the general processor rearranges according to the random sequence sent by the safety processor to obtain rearranged vector
Figure 53151DEST_PATH_IMAGE004
Vector of
Figure 193145DEST_PATH_IMAGE004
The vector is one
Figure 897796DEST_PATH_IMAGE003
A dimension vector; the request permission validation matrix
Figure DEST_PATH_IMAGE005
The request authority verification matrix
Figure 740768DEST_PATH_IMAGE006
Is one
Figure DEST_PATH_IMAGE007
A matrix of dimensions.
6. The method of claim 1 or 5, wherein the secure processor rearranges the plurality of rights data and calculates the rights validation matrix in the same manner as follows:
suppose that the authority data sent by the user server to the universal area is
Figure 771041DEST_PATH_IMAGE001
The security processor recovers an authority verification command and the plurality of items of authority data contained in the authority verification command according to the sending sequence when the user server sends the plurality of items of authority data to the universal area to form a unit
Figure 601593DEST_PATH_IMAGE001
Vitamin C
Figure 578777DEST_PATH_IMAGE008
A vector;
the safety processor rearranges according to the random sequence to obtain rearranged
Figure DEST_PATH_IMAGE009
Vector of the
Figure 771861DEST_PATH_IMAGE009
The vector is one
Figure 441876DEST_PATH_IMAGE003
A dimension vector;
the permission validation matrix
Figure 323507DEST_PATH_IMAGE010
Said right verification matrix
Figure DEST_PATH_IMAGE011
Is one
Figure 635540DEST_PATH_IMAGE007
A matrix of dimensions;
the security processor verifies the permission matrix
Figure 151972DEST_PATH_IMAGE011
Request authority verification matrix sent by general processor
Figure 196151DEST_PATH_IMAGE006
Comparing and judging
Figure 798034DEST_PATH_IMAGE012
The general purpose processor is allowed to access and update the block of privileged resources that it is requesting.
7. The method of claim 1,
after receiving the update completion signaling, the user server informs the security area to terminate the security session and clears all authority data information of the session;
the authority data information comprises the received authority data and the generated authority verification matrix.
8. The method as claimed in claim 7, wherein after the user server receives the update completion signaling and notifies the security zone to terminate the security session, the method further comprises:
and the user server informs the security zone of uploading the content of the updated privileged resource block and covers the content of the privileged resource block stored in the user server.
9. The method of claim 1, wherein the security processor actively terminates a secure session and sends a configuration update exception indication to the user server when the grant period timer is set to 0.
10. The method of claim 9,
and after receiving the configuration updating abnormal indication, the user server initiates a recovery indication to the security area, wherein the recovery indication comprises the backup content of the block corresponding to the privileged resource requested to be accessed and updated in the session, and the backup content is the content of the corresponding block in the security area before the update is initiated.
CN202211415792.XA 2022-11-11 2022-11-11 SoC-based Internet of things terminal configuration updating method Active CN115455398B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211415792.XA CN115455398B (en) 2022-11-11 2022-11-11 SoC-based Internet of things terminal configuration updating method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211415792.XA CN115455398B (en) 2022-11-11 2022-11-11 SoC-based Internet of things terminal configuration updating method

Publications (2)

Publication Number Publication Date
CN115455398A CN115455398A (en) 2022-12-09
CN115455398B true CN115455398B (en) 2023-01-10

Family

ID=84295447

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211415792.XA Active CN115455398B (en) 2022-11-11 2022-11-11 SoC-based Internet of things terminal configuration updating method

Country Status (1)

Country Link
CN (1) CN115455398B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108694329A (en) * 2018-05-15 2018-10-23 中国科学院信息工程研究所 A kind of mobile intelligent terminal security incident based on software and hardware combining is credible record system and method
WO2020013730A2 (en) * 2018-07-10 2020-01-16 Общество С Ограниченной Ответственностью "Лаборатория Ит Решений "Интеллект" Automated system for requesting and processing a permit to protected sites
CN112041838A (en) * 2018-04-30 2020-12-04 谷歌有限责任公司 Secure zone interaction

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8959657B2 (en) * 2013-03-14 2015-02-17 Appsense Limited Secure data management

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112041838A (en) * 2018-04-30 2020-12-04 谷歌有限责任公司 Secure zone interaction
CN108694329A (en) * 2018-05-15 2018-10-23 中国科学院信息工程研究所 A kind of mobile intelligent terminal security incident based on software and hardware combining is credible record system and method
WO2020013730A2 (en) * 2018-07-10 2020-01-16 Общество С Ограниченной Ответственностью "Лаборатория Ит Решений "Интеллект" Automated system for requesting and processing a permit to protected sites

Also Published As

Publication number Publication date
CN115455398A (en) 2022-12-09

Similar Documents

Publication Publication Date Title
CN110113167B (en) Information protection method and system of intelligent terminal and readable storage medium
JP4643204B2 (en) Server device
US9275228B2 (en) Protecting multi-factor authentication
CN114553540B (en) Zero trust-based Internet of things system, data access method, device and medium
EP3270318B1 (en) Dynamic security module terminal device and method for operating same
KR20190067542A (en) Computing apparatus and method thereof robust to encryption exploit
CN112257086B (en) User privacy data protection method and electronic equipment
US10339307B2 (en) Intrusion detection system in a device comprising a first operating system and a second operating system
KR101089157B1 (en) System and method for logically separating servers from clients on network using virtualization of client
CN112446033A (en) Software trusted starting method and device, electronic equipment and storage medium
CN114065162A (en) Risk control method and device of business system and computer readable storage medium
CN115455398B (en) SoC-based Internet of things terminal configuration updating method
CN111953633A (en) Access control method and access control device based on terminal environment
KR101451323B1 (en) Application security system, security server, security client apparatus, and recording medium
CN114281068A (en) Unmanned equipment remote take-over system, method, device, equipment and storage medium
CN113282951A (en) Security verification method, device and equipment for application program
US11729220B2 (en) User trust scoring for network access control
CN109117625B (en) Method and device for determining safety state of AI software system
CN110650132A (en) Access method and device of edge computing node, computer equipment and storage medium
CN113449269B (en) Core module activation method and device and storage medium
CN110830465B (en) Security protection method for accessing UKey, server and client
CN111291366B (en) Secure middleware system
KR102201218B1 (en) Access control system and method to security engine of mobile terminal
CN111209561B (en) Application calling method and device of terminal equipment and terminal equipment
WO2020228564A1 (en) Application service method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant